Skip to content

chore(deps): bump kysely from 0.28.14 to 0.28.17#4

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/kysely-0.28.17
Open

chore(deps): bump kysely from 0.28.14 to 0.28.17#4
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/kysely-0.28.17

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026
edited
Loading

Bumps kysely from 0.28.14 to 0.28.17.

Release notes

Sourced from kysely's releases.

0.28.17

Hey 👋

A small batch of bug fixes. Please report any issues. 🤞😰🤞

0.29 is right around the corner. Try the latest RC version!

🚀 Features

🐞 Bugfixes

📖 Documentation

📦 CICD & Tooling

⚠️ Breaking Changes

🐤 New Contributors

What's Changed

Full Changelog: kysely-org/kysely@v0.28.16...v0.28.17

0.28.16

Hey 👋

A small batch of bug fixes. Please report any issues. 🤞😰🤞

0.29 is getting closer btw. 🌶️

🚀 Features

🐞 Bugfixes

📖 Documentation

📦 CICD & Tooling

... (truncated)

Commits
  • d13d90b 0.28.17
  • dbb5405 feat: further harden JSON path .key(...) and .at(...) against SQL injecti...
  • 73192e4 docs(returning): remove outdated SQLite alias workaround (#1793)
  • b4566a1 0.28.16
  • 20548bc chore: change verifyDepsBeforeRun to "prompt".
  • 5f46cfb fix: FilterObject allows any defined value when query context has no tables...
  • e0d0669 chore: bump dependencies and github actions. (#1789)
  • 521156b add openssf scorecard.
  • 5a0f14b fix broken tsdoc references.
  • 6998915 support multi-entry point tsdoc without index module.
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 12, 2026
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 12, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednext@​16.2.662100919870
Addedposthog-node@​5.28.810010078100100
Addedremark-gfm@​4.0.19910010083100
Addedreact-markdown@​10.1.09910010083100
Addedreact@​19.2.41001008497100
Addedpino-pretty@​13.1.39910010086100
Addedposthog-js@​1.364.187100100100100
Addednext-safe-action@​8.3.01001008996100
Addedpino@​10.3.19910010090100
Addedreact-dom@​19.2.41001009298100
Addedmsw@​2.12.149310010096100
Addedresend@​6.9.498100100100100

View full report

@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 12, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn Critical
Critical CVE: Arbitrary code execution in npm protobufjs

CVE: GHSA-xq3m-2v4x-88gg Arbitrary code execution in protobufjs (CRITICAL)

Affected versions: >= 8.0.0 < 8.0.1; < 7.5.5

Patched version: 7.5.5

From: pnpm-lock.yamlnpm/posthog-js@1.364.1npm/protobufjs@7.5.4

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/protobufjs@7.5.4. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@debugg-ai
Copy link
Copy Markdown

debugg-ai Bot commented May 12, 2026

🧪 E2E Test Results

Commit Test Suite

📝 Commit: 0ce9053b (PR #4)

📊 Summary

Status: ❌ FAILED

Pass Rate: 40.0% (2/5)
Duration: 1.3 minutes
Breakdown: ✅ 2 passed | ❌ 3 failed

📋 Test Results

Status Test Name Category Duration Recording Final Screenshot
✅ Pass Templates page loads static Vercel templates conte... general 20.1s 🎬 View View
❌ Fail New Project page loads static project creation con... general 15.9s 🎬 View View
❌ Fail Learn page loads static learning content general 16.3s 🎬 View View
❌ Fail Docs page loads static Next.js documentation conte... general 13.9s 🎬 View View
✅ Pass Homepage loads static Create Next App content general 11.7s 🎬 View View

Generated by Debugg AI 🤖

@dependabot
chore(deps): bump kysely from 0.28.14 to 0.28.17
0a3758c 
Bumps [kysely](https://github.com/kysely-org/kysely) from 0.28.14 to 0.28.17.
- [Release notes](https://github.com/kysely-org/kysely/releases)
- [Commits](kysely-org/kysely@v0.28.14...v0.28.17)

---
updated-dependencies:
- dependency-name: kysely
  dependency-version: 0.28.17
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/kysely-0.28.17 branch from 0ce9053 to 0a3758c Compare May 15, 2026 14:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants